Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.05.2008
Source:
SecurityVulns ID:8972
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. pMachinePro: HTTP Response Splitting
Affected:VBZOOM : VBZooM 1.11
 SPHIDER : Sphider 1.3
 ZOMPLOG : Zomplog 3.8
 EGROUPWARE : Egroupware 1.4
 PMACHINEPRO : pMachinePro 2.4
 TUXCMS : tuxcms 0.1
 MVNFORUM : mvnForum 1.1
 ROUNDUP : roundup 1.3
 EZCONTENTS : ezContents CMS 2.0
CVE:CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.)
 CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.)
 CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors.)
Original document: GENTOO, [ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities (08.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities (08.05.2008)
 DEBIAN, [SECURITY] [DSA 1554-2] New roundup packages fix regression (08.05.2008)
 decoder-bugtraq_(at)_own-hero.net, mvnForum 1.1 Cross Site Scripting (08.05.2008)
 hadikiamarsi_(at)_hotmail.com, Multiple XSS In TuxCMS All Version (08.05.2008)
 Cr4zY.CrAcKeR_(at)_hotmail.com, VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability (08.05.2008)
 linux0day_(at)_yahoo.com, Vulnerability in Multiple Web Application (08.05.2008)
 MustLive, Vulnerability in pMachinePro (08.05.2008)

Wonderware SuiteLink DoS
Published:08.05.2008
Source:
SecurityVulns ID:8973
Type:remote
Threat Level:
5/10
Description:Service crash on invalid network packet.
Affected:WONDERWARE : Wonderware SuiteLink 2.0
 WONDERWARE : WonderWare InTouch 8.0
CVE:CVE-2008-2005
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability (08.05.2008)

PHP multiple security vulnerabilities
Published:08.05.2008
Source:
SecurityVulns ID:8974
Type:library
Threat Level:
5/10
Description:GENERATE_SEED() weak random number seed, multibyte shell command escaping bypass.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
Original document: Stefan Esser, Advisory SE-2008-03: PHP Multibyte Shell Command Escaping Bypass Vulnerability (08.05.2008)
 Stefan Esser, Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (08.05.2008)

emacs symbolic links vulnerability
Published:08.05.2008
Source:
SecurityVulns ID:8975
Type:remote
Threat Level:
5/10
Description:vcdiff script insecure temporary file creation.
Affected:EMACS : emacs 21.4
 EMACS : emacs 22.1
CVE:CVE-2008-1694
Original document: MANDRIVA, [ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff (08.05.2008)

Multiple terminal clients X sessions hijack
Published:08.05.2008
Source:
SecurityVulns ID:8976
Type:local
Threat Level:
5/10
Description:Terminal always opens display :0 if DISPLAY is not set, allowing local users to hijack X11 connections.
Affected:ETERM : eterm 0.9
 RXVT : rxvt 2.7
 ATERM : aterm 1.0
 MRXVT : mrxvt 0.5
 MULTIATERM : multi-aterm 0.2
 RXVT : rxvt-unicode 9.02
CVE:CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.)
 CVE-2008-1142
Original document: GENTOO, [ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation (08.05.2008)

rdesktop multiple security vulnerabilities
Published:08.05.2008
Source:
SecurityVulns ID:8977
Type:client
Threat Level:
6/10
Description:Multiple integer overflows and buffer overflows on RDP server response parsing.
Affected:RDESKTOP : rdesktop 1.5
CVE:CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in RDesktop 1.5.0 allows remote attackers to execute arbitrary code via unknown parameters that trigger a heap-based overflow. NOTE: the role of the channel_process function was not specified by the original researcher.)
 CVE-2008-1802
 CVE-2008-1801
Original document: IDEFENSE, iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability (08.05.2008)
 IDEFENSE, iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability (08.05.2008)
 IDEFENSE, iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability (08.05.2008)

Novell Netware Client buffer overflow
Published:08.05.2008
Source:
SecurityVulns ID:8978
Type:local
Threat Level:
5/10
Description:Buffer overflow in password reminder on oversized username.
Affected:NOVELL : NetWare Client 4.91
Original document: laurent gaffie, Novell Client <= 4.91 SP4 Local Stack overflow / B.S.O.D (unauthentificated user) (08.05.2008)

Adobe Reader silent printing
Published:08.05.2008
Source:
SecurityVulns ID:8979
Type:client
Threat Level:
5/10
Description:Script can send a PDF document to the printer without the user's permission.
Affected:ADOBE : Reader 8.1
CVE:CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.)
Original document: cocoruder, [Advisory Update] Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (08.05.2008)

Adobe Acrobat multiple security vulnerabilities
Published:08.05.2008
Source:
SecurityVulns ID:8980
Type:client
Threat Level:
5/10
Description:Protection bypass, memory corruption.
Affected:ADOBE : Acrobat Professional 7.0
CVE:CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to (1) execute arbitrary commands or (2) trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.)
Original document: cocoruder, Adobe Acrobat Professional Javascript For PDF Security Feature Bypass and Memory Corruption Vulnerabilities (08.05.2008)

ZyXel ZyWALL cross-site scripting
Published:08.05.2008
Source:
SecurityVulns ID:8981
Type:remote
Threat Level:
5/10
Description:Cross-site scripting via the Referer: header.
Affected:ZYXEL : ZyWALL 100
Original document: Deniz Cevik, ZYWALL Referer Header XSS Vulnerability (08.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod